PT-2025-3275 · One Identity · One Identity Identity Manager
Name of the Vulnerable Software and Affected Versions: One Identity Identity Manager versions prior to 9.3. Description: An insecure direct object reference (IDOR) issue allows privilege escalation. Only On-Premise installations are affected. The vulnerability can be exploited by a remote attacker t...
CVE-2024-55471
Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...
CVE-2024-55186
An IDOR (Insecure Direct Object Reference) vulnerability exists in Oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...
PT-2024-36526 · Unknown · Oqtane Framework
Name of the Vulnerable Software and Affected Versions: Oqtane Framework (affected versions not specified). Description: The issue is related to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController, allowing unauthorized users to access sensitive information of other users by...
SUSE CVE-2024-46528
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks...
Online Birth Certificate System Insecure Direct Object Reference Vulnerability
Online Birth Certificate System is an online birth certificate system. The Online Birth Certificate System suffers from an insecure direct object reference vulnerability that stems from a lack of proper authorization checking of the viewid parameter in the /user/view-application-detail.php file. ...
PHPGurukul Online Notes Sharing Management System Security Vulnerability
PHPGurukul Online Notes Sharing Management System is an online notes sharing management system from PHPGurukul Inc. A security vulnerability exists in PHPGurukul Online Notes Sharing Management System v1.0, which stems from a lack of authorization checking and an IDOR vulnerability that allows...
CodeAstro Complaint Management System Security Vulnerability
CodeAstro Complaint Management System is a complaint management system from CodeAstro. A security vulnerability exists in CodeAstro Complaint Management System v1.0, which stems from an IDOR vulnerability that can be exploited to execute arbitrary code and obtain sensitive information by modifyin...
CVE-2024-55058
An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw by manipulating the viewid parameter in the...
CVE-2024-55058
CVE-2024-55058 applies to PHPGurukul Online Birth Certificate System v1.0, where an insecure direct object reference exists in the viewid parameter of /user/view-application-detail.php. The vulnerability allows authenticated users to manipulate the viewid in the URL to access sensitive birth cert...
PHPGurukul Online Birth Certificate System Security Vulnerability
Online Birth Certificate System is an online birth certificate system. The Online Birth Certificate System suffers from an insecure direct object reference vulnerability that stems from a lack of proper authorization checking of the viewid parameter in the /user/view-application-detail.php file. ...
CVE-2024-12447
The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2024-12447
CVE-2024-12447 is a vulnerability in the Get Post Content Shortcode plugin for WordPress, affecting all versions up to 0.4. It enables Insecure Direct Object Reference via the post_content shortcode due to missing validation on a user-controlled key, allowing authenticated attackers with Contribu...
CVE-2024-12447 Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode
The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
PT-2024-17596 · WordPress · Get Post Content Shortcode
Name of the Vulnerable Software and Affected Versions: Get Post Content Shortcode plugin for WordPress versions up to, and including, 0.4. Description: The issue is related to Insecure Direct Object Reference. This is due to missing validation on a user-controlled key in the 'post-content'...
WordPress Get Post Content Shortcode plugin <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode vulnerability
Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Get Post Content Shortcode versions <= 0.4...
CVE-2024-12309
The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...
CVE-2024-12309
CVE-2024-12309 affects Rate My Post – Star Rating Plugin for WordPress (FeedbackWP). The vulnerability is an Insecure Direct Object Reference in get_post_status() due to missing validation on a user-controlled key, allowing unauthenticated voters to affect unpublished posts. The CVE entry notes v...
CVE-2024-12309 Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts
The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...